| /* |
| * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package com.sun.security.sasl; |
| |
| import javax.security.sasl.*; |
| import com.sun.security.sasl.util.PolicyUtils; |
| |
| import java.util.Map; |
| import java.io.IOException; |
| import javax.security.auth.callback.Callback; |
| import javax.security.auth.callback.CallbackHandler; |
| import javax.security.auth.callback.NameCallback; |
| import javax.security.auth.callback.PasswordCallback; |
| import javax.security.auth.callback.UnsupportedCallbackException; |
| |
| /** |
| * Client factory for EXTERNAL, CRAM-MD5, PLAIN. |
| * |
| * Requires the following callbacks to be satisfied by callback handler |
| * when using CRAM-MD5 or PLAIN. |
| * - NameCallback (to get username) |
| * - PasswordCallback (to get password) |
| * |
| * @author Rosanna Lee |
| */ |
| final public class ClientFactoryImpl implements SaslClientFactory { |
| private static final String myMechs[] = { |
| "EXTERNAL", |
| "CRAM-MD5", |
| "PLAIN", |
| }; |
| |
| private static final int mechPolicies[] = { |
| // %%% RL: Policies should actually depend on the external channel |
| PolicyUtils.NOPLAINTEXT|PolicyUtils.NOACTIVE|PolicyUtils.NODICTIONARY, |
| PolicyUtils.NOPLAINTEXT|PolicyUtils.NOANONYMOUS, // CRAM-MD5 |
| PolicyUtils.NOANONYMOUS, // PLAIN |
| }; |
| |
| private static final int EXTERNAL = 0; |
| private static final int CRAMMD5 = 1; |
| private static final int PLAIN = 2; |
| |
| public ClientFactoryImpl() { |
| } |
| |
| public SaslClient createSaslClient(String[] mechs, |
| String authorizationId, |
| String protocol, |
| String serverName, |
| Map<String,?> props, |
| CallbackHandler cbh) throws SaslException { |
| |
| for (int i = 0; i < mechs.length; i++) { |
| if (mechs[i].equals(myMechs[EXTERNAL]) |
| && PolicyUtils.checkPolicy(mechPolicies[EXTERNAL], props)) { |
| return new ExternalClient(authorizationId); |
| |
| } else if (mechs[i].equals(myMechs[CRAMMD5]) |
| && PolicyUtils.checkPolicy(mechPolicies[CRAMMD5], props)) { |
| |
| Object[] uinfo = getUserInfo("CRAM-MD5", authorizationId, cbh); |
| |
| // Callee responsible for clearing bytepw |
| return new CramMD5Client((String) uinfo[0], |
| (byte []) uinfo[1]); |
| |
| } else if (mechs[i].equals(myMechs[PLAIN]) |
| && PolicyUtils.checkPolicy(mechPolicies[PLAIN], props)) { |
| |
| Object[] uinfo = getUserInfo("PLAIN", authorizationId, cbh); |
| |
| // Callee responsible for clearing bytepw |
| return new PlainClient(authorizationId, |
| (String) uinfo[0], (byte []) uinfo[1]); |
| } |
| } |
| return null; |
| }; |
| |
| public String[] getMechanismNames(Map<String,?> props) { |
| return PolicyUtils.filterMechs(myMechs, mechPolicies, props); |
| } |
| |
| /** |
| * Gets the authentication id and password. The |
| * password is converted to bytes using UTF-8 and stored in bytepw. |
| * The authentication id is stored in authId. |
| * |
| * @param prefix The non-null prefix to use for the prompt (e.g., mechanism |
| * name) |
| * @param authorizationId The possibly null authorization id. This is used |
| * as a default for the NameCallback. If null, it is not used in prompt. |
| * @param cbh The non-null callback handler to use. |
| * @return an {authid, passwd} pair |
| */ |
| private Object[] getUserInfo(String prefix, String authorizationId, |
| CallbackHandler cbh) throws SaslException { |
| if (cbh == null) { |
| throw new SaslException( |
| "Callback handler to get username/password required"); |
| } |
| try { |
| String userPrompt = prefix + " authentication id: "; |
| String passwdPrompt = prefix + " password: "; |
| |
| NameCallback ncb = authorizationId == null? |
| new NameCallback(userPrompt) : |
| new NameCallback(userPrompt, authorizationId); |
| |
| PasswordCallback pcb = new PasswordCallback(passwdPrompt, false); |
| |
| cbh.handle(new Callback[]{ncb,pcb}); |
| |
| char[] pw = pcb.getPassword(); |
| |
| byte[] bytepw; |
| String authId; |
| |
| if (pw != null) { |
| bytepw = new String(pw).getBytes("UTF8"); |
| pcb.clearPassword(); |
| } else { |
| bytepw = null; |
| } |
| |
| authId = ncb.getName(); |
| |
| return new Object[]{authId, bytepw}; |
| |
| } catch (IOException e) { |
| throw new SaslException("Cannot get password", e); |
| } catch (UnsupportedCallbackException e) { |
| throw new SaslException("Cannot get userid/password", e); |
| } |
| } |
| } |